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IN THE CLAIMS: 

1 . (Currently Amended) A method of controlling access to computer system 
resources based on permissions, comprising: 

receiving a request for access to a computer system resource; 

dctennining if a superclass permission of a required permission is present in each 
protection domain of an access control context , wherein the superclass permission is a 
super class o f the required permission: 

adding the required permission to a permission collection if the superclass 
permission of the required permission is present in each protection domain of the access 
control context; and 

granting access to the resource if the superc lass permission of the required 
permission is present in each protection domain of the access control context. 

2. (Original) The method of claim 1, wherein the request is received from bytecode. 

3. (Original) The method of claim 1, further comprising: 

determining the required permission based on a CodeSource associated with the 
request; and 

determining the superclass permission of the required permission based on the 
required permission. 

4. (Original) The method of claim 1, wherein determining if a superclass permission 
of a required permission is present in each protection domain includes determining if at 
least one permission collection in each protection domain includes the superclass 
permission. 

5. (Original) The method of claim 1 , wherein adding the required permission to a 
permission collection includes creating a new permission collection and adding the 
required permission to the new permission collection. 
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6. (Original) The method of claim 5, wherein adding the required permission to a 
permission collection further includes adding any subclass permissions of the required 
permission to the new permission collection. 

7. (Original) The method of claim 1, further comprising retrieving the access 
control context for a thread of execution that sent the request for access to the computer 
system resource. 

8. (Original) The method of claim 1, wherein adding the required permission to a 
permission collection includes adding the permission to a permission collection 
associated with the superclass permission, 

9. (Original) The method of claim 1 , wherein the steps of determining if a 
superclass permission of a required permission is present in each protecti on domain of an 
access control context, and adding the required permission to a permission collection if 
the superclass permission of the required permission is present in each protection domain 
of an access control context are performed by a method called by the required permission 
in response to an implies method operating on the required permission. 

10. (Original) The method of claim 3, wherein the steps of determining the required 
permission based on a CodeSource associated with the request and determining the 
superclass permission of the required permission based on the required permission are 
performed based on a security policy file. 

1 1 . (Currently Amended) A computer program product in a computer readable 
medium for controlling access to computer system resources based on permissions, 
comprising: 

first instructions for receiving a request for access to a computer system resource; 

second instructions for determining if a superclass permission of a required 
permission is present in each protection domain of an access control context , wherein the 
superclass permission is a super class of the required permission ; 
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third instructions for adding the required permission to a permission collection if 
the superclass permission of the required permission is present in each protection domain 
of the access control context; and 

fourth instructions for granting access to the computer system resource if the 
superclass permission of the required permission is present in each protection domain of 
the access control context. 

12. (Original) The computer program product of claim 1 1, wherein the request is 
received from bytecode. 

1.3. (Original) The computer program product of claim 1 1, further comprising: 

. fifth instructions for determining the required permission based on a CodeSource 
associated with the request; and 

sixth instructions for determining the superclass permission of the required 
permission based on the required permission. 

14. (Original) The computer program product of claim 1 1 , wherein the second 
instructions for determining if a superclass permission of a required permission is present 
in each protection domain include instructions for determining if at least one permission 
collection in each protection domain includes the superclass permission. 

1 5 . (Original) The computer program product of claim 1 1 > wherein the third 
instructions for adding the required permission to a permission collection include 
instructions for creating a new permission collection and instructions for adding the 
required permission to the new permission collection. 

16. (Original) The computer program product of claim 1 5, wherein the third 
instructions for adding the required permission to a permission collection further include 
instructions for adding any subclass permissions of the required permission to the new 
permission collection. 
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1 7. (Original) The computer program product of claim 1 1 , further comprising fifth 
instructions for retrieving the access control context for a thread of execution that sent the 
request for access to the computer system resource. 

18. (Original) The computer program product of claim 1 1 , wherein the third 
instructions for adding the required permission to a permission collection include 
instructions for adding the permission to a permission collection associated with the 
superclass pcrmission. 

19. (Original) The computer program product of claim 1 l t wherein the second and 
third instructions are part of a method called by the required permission in response to an 

. implies method operating on the required permission. 

20. (Original) The computer program product of claim 13, wherein the fifth and sixth 
instructions are executed based on a security policy file. 

21 . (Currently Amended) An apparatus for controlling access to computer system 
resources based on permissions, comprising; 

means for receiving a request for access to a computer system resource; 

means for determining if a superclass permission of a required permission is 
present in each protection domain of an access control contex t wherein the superclass 
permission is a super class of the required permission ; 

means for adding the required permission to a permission collection if the 
superclass permission of the required permission is present in each protection domain of 
the access control context; and 

means for granting access to the computer system resource if the superclass 
permission of the required permission is present in each protection domain of the access 
control context. 

22. (Original) The apparatus of claim 21, wherein the request is received from 
bytecode. 
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